Method, system and apparatus for backuping HA/MAP in mobile IPV6 network

ABSTRACT

The disclosure provides a method, system and apparatus for backuping HA/MAP in mobile IPv6 network. In the disclosure, at least two HAs/MAPs form a redundant backup group. The at least two HAs/MAPs elect an active HA/MAP and a standby HA/MAP via the VRRP. When the active HA/MAP interacts the signaling message with a mobile node, the HA/MAP in backup status obtains the signaling message interacted by both of them in real time. When the active HA/MAP is invalid, the standby HA/MAP may take over the work in time so that the stability of the active node device of the network is ensured. During the exchange of the active HA/MAP and the standby HA/MAP, the solution ensures a smooth transition of the service.

CROSS-REFERENCE TO RELATED APPLICATIONS

The application is a continuation of International Patent ApplicationNo. PCT/CN2006/002586, filed Sep. 29, 2006, which claims priority toChinese Patent Application No. 200510100196.2 submitted with the StateIntellectual Property Office of P.R.C. on Oct. 1, 2005, entitled “Methodfor Backuping HA/MAP in Mobile IPv6 Network,” both contents of which arehereby incorporated by reference in their entirety.

FIELD OF THE INVENTION

The disclosure relates to the communication field, and moreparticularly, to a method for backuping the home agent or mobile anchorpoint (HA/MAP) in the mobile IIPv6 network.

BACKGROUND OF THE INVENTION

With the development of the network technique and the appearance of lotsof mobile terminals, such as laptops, personal digital assistants (PDA),mobile telephones and mounted devices, an upsurge in the mobilecomputing is raised. More and more users may access the Internet via thepublic mobile wireless network by various terminals in any location. Tomeet the need of the mobile service, a mobile IP technique is introducedin the network layer.

In the Mobile IP technique, a mobile node (MN) may perform the IPcommunication by using the initial IP address all the time in themovement. Therefore, an upper layer application carried in the IPnetwork layer may be ensured uninterrupted and continuable.

The operation principle of the Mobile IP is that when an MN is connectedto its home network, the MN works in the same manner as other fixednodes. If the MN finds itself moved to a foreign network, the care ofaddress (CoA) on the foreign network is obtained by the stateful orstateless auto-configuration based on the received information announcedby the router. Here, the MN owns the home address and the CoA at thesame time. The MN registers its CoA to the home agent (HA) by a ‘bindingupdate’ message. If the correspondence node (CN) of the MN does not knowthe CoA of the MN, the correspondence node sends the data packets to thehome network of the MN according to the home address of the MN. The HAof the MN captures these data packets and transfers these data packetsto the MN by using a tunnel mechanism according to the current CoA ofthe MN. The message sent by the MN to the CN is sent to the HA via areverse tunnel, and is transferred to the CN by the HA. As the datapackets between the CN and the MN are both transferred by the HA in thatmanner, the manner may be called ‘triangle route’ manner.

In the ‘triangle route’ manner, in order to ensure the upper layerapplication carried in the IP network layer to be uninterrupted andcontinuable in movement. A plurality of HAs may be set on the home link.In a prior art, when the current active HA is invalid, the switchingprocess of the HA and the MN is as follows.

The MN detects the invalidation of the HA. Specifically, if the MN maynot obtain the prefix of the home address from the HA or the MN may notcomplete the home registration with the HA, the MN detects theinvalidation of the HA. In addition, if the MN fails to communicate withthe outer CN via the HA, the MN may detect the invalidation of the HA.

The MN sends an HA address request to obtain a redundant HA address whenthe MN detects the invalidation of the HA. After obtaining the HAaddress by the MN, the MN sends a home link prefix request to get itsown home address. Subsequently, the MN completes the home registration.The MN re-completes the process of the registration and communicationwith other CNs.

However, all the binding information retained in the invalid HA is lost.The real-time service is interrupted and the MN needs to re-establishthe service connection, which costs greatly and consumes a lot ofbandwidth.

Another method of the redundant backup for the HA/MAP. The basic schemeis shown as follows.

1. The HA on the same home link completes the election between theactive HA/MAP and the standby HA/MAP by the virtual route redundancyprotocol (VRRP).

2. When the active HA/MAP performs message interaction with the MN, theactive HA/MAP creates a binding request and a binding update message byexpanding the VRRP message to complete the backup of the bindingdatabase record from the active HA/MAP to the standby MA/MAP.

3. When the active HA/MAP is invalid, as the backup of the bindinginformation is stored in the standby HA/MAP, the service flow (thetriangle route) which is performing communication currently is notimpacted and the standby HA/MAP may continually transfer the servicebetween the MN and the CN.

The method creates the binding request and the binding update message bythe manner of expanding the VRRP message to complete the backup of thebinding database record from the active HA/MAP to the standby HA/MAP.The quality of the communication between the MN and the CN may not beensured because the backup is not performed in real time.

In addition, as the key message of the security association (SA) has nobackup (if the interaction is performed by using a dynamic key), whenthe CoA of the MN changes and needs to be re-registered by the HA, theMN needs to re-perform the key interaction with the new HA because thekey negotiated before may not be retained. The process of the bindingupdate of the MN is delayed.

SUMMARY OF THE INVENTION

The disclosure provides a method, system and apparatus for backuping anHA/MAP in a mobile IPv6 network to realize the real-time backup of theHA/MAP and enable a standby HA/MAP to take over seamlessly when anactive HA/MAP is invalid.

A method for backuping a home agent or mobile anchor protocol (HA/MAP)in a mobile IPv6 network, at least two HAs/MAPs forming a redundantbackup group includes following steps.

The at least two HAs/MAPs elect an active HA/MAP and a standby HA/MAP.

When the active HA/MAP performs a signaling message interaction with anMN, the standby HA/MAP obtains in real time a signaling message sent bythe MN to the active HA/MAP and the signaling message sent by the activeHA/MAP to the MN; or after performing the signaling message interactionwith the MN, the active HA/MAP sends status information in real time tothe standby HA/MAP via a synchronization message.

The standby HA/MAP elects a new active HA/MAP when the active HA/MAP isinvalid.

Optionally, the step of obtaining in real time, by the standby HA/MAP,the signaling message sent by the MN to the active HA/MAP and asignaling message sent by the active HA/MAP to the MN specificallyincludes following steps.

A backup information channel is established among the standby HA/MAP,the active HA/MAP and the MN.

The standby HA/MAP obtains in real time the signaling message betweenthe active HA/MAP and the MN via the backup information channel. Thesignaling message includes a binding update message and a key exchangemessage of a security association.

Optionally, the step of establishing the backup information channel is:forming the backup information channel by connecting the active HA/MAP,the standby HA/MAP and the MN to an outer switch located outside eachouter link interface.

The step of obtaining in real time, by the standby HA/MAP, the signalingmessage between the active HA/MAP and the MN via the backup informationchannel specifically is that the outer switch copies the message sent bythe MN to the active HA/MAP and the message sent by the active HA/MAP tothe MN to the standby HA/MAP.

Optionally, after the standby HA/MAP obtains in real time the signalingmessage sent by the MN to the active HA/MAP and the signaling messagesent by the active HA/MAP to the MN, the method further includes:processing the signaling message obtained in real time.

The step of processing the signaling message obtained in real timespecifically includes following steps.

A new record is established in a backup database and marked astemporarily unusable after the standby HA/MAP has obtained a bindingupdate request sent by the MN.

After that, the record is marked as usable or updated according to anobtained binding update acknowledgement message sent by the activeHA/MAP.

Optionally, if the binding update request of the MN includes a homeaddress created by the MN, the active HA/MAP repeatedly performs anaddress examination for the binding update message; if the home addressof the MN is different from the home address of other MNs and an addressof a local link node, the binding update acknowledgement message is thebinding update acknowledgement message sent by the active HA/MAPdirectly to the MN.

If the home address of the MN is the same as the home address of otherMNs and the address of the local link node, the binding updateacknowledgement message is the binding update acknowledgement messageincluding a suggested home address sent by the active HA/MAP to the MN.

If the binding update request of the MN includes the home addresscreated by the MN, the binding update acknowledgement message is thebinding update acknowledgement message including the home addressinitiatively allocated for the MN and sent by the active HA/MAP to theMN.

Optionally, the step of marking the record as usable or updating therecord according to an obtained binding update acknowledgement messagesent by the active HA/MAP specifically includes following steps.

When there is no home address in the binding update acknowledgementmessage sent by the active HA/MAP, the standby HA/MAP marks the newrecord as usable in the database.

When the binding update acknowledgement message sent by the activeHA/MAP includes the home address initiatively allocated, the standbyHA/MAP adds the allocated home address into the new record in thedatabase.

When the binding update acknowledgement message sent by the activeHA/MAP includes the suggested home address, the standby HA/MAP updatesthe new record as the suggested home address in the database.

Optionally, if the active HA/MAP creates the security association withthe MN, the step of processing the signaling message obtained in realtime specifically includes that the standby HA/MAP keeps real-timesynchronization with a sending serial number and a receiving slip windowof the active HA/MAP by analyzing the obtained signaling message betweenthe active HA/MAP and the MN.

Optionally, the method further includes following steps.

When the HA/MAP resumes after invalidation, a current HA/MAP sends batchbackup information to the HA/MAP; and

The HA/MAP enters a real-time backup status after completing a batchbackup.

The step of sending, by a current HA/MAP, batch backup information tothe HA/MAP specifically includes following steps.

When the batch backup request sent by the HA/MAP includes the securitypolicy database, the security association database, the Internet keyexchange status information and the binding updated index information, acurrent active HA/MAP sends a backup response carrying a security policydatabase, a security association database, Internet key exchange statusinformation and binding updated index information which are needed bythe HA/MAP; when the batch backup request sent by the current HA/MAPdoes not includes backup information, needed by the current HA/MAP, thecurrent active HA/MAP sends a backup response carrying the currentsecurity policy database, the security association database, theInternet key exchange status information and the binding updated indexinformation to the HA/MAP.

A downloaded security policy database, the security associationdatabase, the Internet key exchange status information and the bindingupdated index information are determined after receiving the backupresponse of the current active HA/MAP by the HA/MAP; the batch backuprequest is resent to the current HA/MAP; backup information isdownloaded and sent to the standby HA/MAP according to a re-receivedrequest by the current HA/MAP.

Optionally, the step of sending status information in real time to thestandby HA/MAP via a synchronization message includes that the activeHA/MAP synchronizes a key exchange status to the standby HA/MAP via thesynchronization message when the active HA/MAP dynamically creates thesecurity association with the MN.

The step of synchronizing, by the active HA/MAP, a key exchange statusto the standby HA/MAP via the synchronization message specificallyincludes following steps.

When the MN and the active HA/MAP complete a first phase of the Internetkey exchange, the active HA/MAP synchronizes a first phase status of theInternet key exchange to the standby HA/MAP.

When the MN and the active HA/MAP complete a second phase of theInternet key exchange, the active HA/MAP synchronizes a second phasestatus or the second phase and the first phase status of the Internetkey exchange to the standby HA/MAP.

Optionally, the step of sending status information in real time to thestandby HA/MAP via a synchronization message includes that the activeHA/MAP backups binding cache information to the standby HA/MAP via thesynchronization message.

According to another aspect of the disclosure, a system for backuping ahome agent or mobile anchor protocol (HA/MAP) in a mobile IPv6 networkincludes a redundant backup group formed by at least two HAs/MAPs andthe at least HAs/MAPs includes an elected active HA/MAP and a standbyHA/MAP; the standby HA/MAP is adapted to obtain in real time a signalingmessage sent by the active HA/MAP to a mobile node (MN) and thesignaling message sent by the MN to the active HA/MAP or is adapted toobtain status information in real time sent by the active HA/MAP via asynchronization message.

Optionally, the system further includes:

a backup information channel established among the standby HA/MAP, theactive HA/MAP and the MN and adapted to transmit a message obtained inreal time by the standby HA/MAP;

an outer switch located outside each outer link interface, connected tothe active HA/MAP, the standby HA/MAP and the MN, and adapted to copythe message sent by the active HA/MAP to the MN and the message sent bythe MN to the active HA/MAP to the standby HA/MAP.

An apparatus for backuping a home agent or mobile anchor point (HA/MAP)in an IPv6 network includes:

an interaction message obtaining unit, adapted to obtain a signalingmessage sent by a mobile node (MN) to an active HA/MAP and the signalingmessage sent by the active HA/MAP to the MN; and

an interaction message sending unit, adapted to send in real time theobtained signaling message to a standby HA/MAP.

Optionally, the interaction message obtaining unit and the interactionmessage sending unit are set in an outer switch located outside eachouter link interface.

Optionally, the apparatus further includes an interaction messageprocessing unit set in an HA/MAP and adapted to process the signalingmessage from the interaction message sending unit when the HA/MAP is ina backup status.

Optionally, the interaction message processing unit includes a bindingupdate message processing unit and an IP security message processingunit. The binding update message processing unit is adapted to establisha new record in a backup database according to an obtained bindingupdate request sent by the MN, mark the record as temporarily unusable,and mark the record as usable or update the record according to anobtained binding update acknowledgement message sent by the activeHA/MAP. The IP security message processing unit is adapted to analyze anobtained IP security message between the active HA/MAP and the MN tokeep real-time synchronization with a sending serial number and areceiving slip window of the active HA/MAP.

Optionally, the apparatus further includes:

a batch backup request unit, set in the HA/MAP and adapted to send abatch backup request for the HA/MAP when an invalid active HA/MAPresumes and is elected as the standby HA/MAP;

a backup response unit, set in the HA/MAP and adapted to send a backupresponse to respond the batch backup request for a current activeHA/MAP;

a backup response processing unit, set in the HA/MAP and adapted toobtain index information after receiving the backup response and informthe batch backup request unit to send a re-batch backup request carryingthe index information of the backup information needing to download; and

a backup information sending unit, set in the HA/MAP and adapted to sendthe backup information when the current active HA/MAP has received there-batch backup request.

The disclosure makes the service information between the standby HA/MAPand the active HA/MAP real-time synchronous by the standby HA/MAPobtaining in real time the message interacted between the active HA/MAPand the MN or by the active HA/MAP sending in real time the backupinformation to the standby HA/MAP. Therefore, when the active HA/MAP isinvalid, the standby HA/MAP may take over the work in real time, whichensures the stability of the active node devices in the network andminimally reduces the influence on the network operation by thesingle-point trouble.

According to the disclosure, the batch backup between the standby HA/MAPand the active HA/MAP is realized. In the period of the active-backupexchange, the present scheme ensures the smooth transmission of theservice and makes the foreign and local MNs not to feel the change ofthe service flow.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram illustrating the scheme of the basicnetwork organization in accordance with an embodiment of the disclosure;

FIG. 2 is a schematic diagram illustrating the real-time backup inaccordance with an embodiment of the disclosure;

FIG. 3 is a schematic diagram illustrating that the standby HA/MAPobtaining in real time the signaling message in accordance with anembodiment of the disclosure;

FIG. 4 is a schematic diagram illustrating the batch backup inaccordance with an embodiment of the disclosure; and

FIG. 5 is a block diagram illustrating the backup apparatus inaccordance with an embodiment of the disclosure.

DETAILED DESCRIPTION OF THE EMBODIMENTS

In order to make the objects, technical solutions and merits of thedisclosure clearer, a further description of embodiments of thedisclosure is given in conjunction with the accompanying drawings.

Referring to FIG. 1, one embodiment of the backup system in accordancewith the disclosure is applied in the mobile IPv6 network. On the homelink of the MN 110, HA/MAP 121, 122 and 123 form a redundant backupgroup. The HA/MAP 121, 122 and 123 elect HA/MAP 121 as an active HA/MAPand the HA/MAP 122, 123 as a standby HA/MAP.

When the active HA/MAP 121 performs message interaction with the MN 110,the HA/MAP 122, 123 in backup status obtain in real time the messagesent by the MN 110 to the active HA/MAP 121 and the message sent by theactive HA/MAP 121 to the MN 110 and process the message; or when theactive HA/MAP 121 performs message interaction with the MN 110, theactive HA/MAP 121 synchronizes in real time the status information tothe HA/MAP 122, 123 in the backup status by a synchronization message.

Also referring to FIG. 2 which is a schematic diagram illustrating thereal-time backup in accordance with the embodiment of the standby Methodin the disclosure, the real-time backup process includes the followingsteps.

Step S21: On the home link of the MN, a plurality of HAs/MAPs forms theredundant backup group. Each HA/MAP elects the active HA/MAP by the VRRPprotocol or a similar priority election protocol. The active HA/MAPcommunicates with an outer network by a virtual IPv6 address and avirtual medium access control address. The HA/MAP may share the globalroutable IP address to outside.

When the active HA/MAP performs message interaction with the MN, theHA/MAP in the backup status obtains in real time the message sent by theMN to the active HA/MAP and the message sent by the active HA/MAP to theMN, calculates the message, processes the message, and stores theresult. In one embodiment of the disclosure, the specific process forobtaining in real time the message and processing the message includesfollowing steps.

The configuration of the active HA/MAP is the same as the configurationof the standby HA/MAP, i.e. the security policy databases (SPD) of theactive HA/MAP and the standby HA/MAP are the same. If the active HA/MAPand the standby HA/MAP establish the security association manually, thesecurity association databases (SADB) of the active HA/MAP and thestandby HA/MAP are also the same.

When the active HA/MAP establishes the security association with the MN(MN) by using an Internet key exchange (IKE) (Step S22, S23), thesecurity association status (IKE/IPSec status) needs to be backuped tothe standby HA/MAP (Step S24). Meanwhile, the index relationship betweenthe security policy database SPD and the security association also needsto be backuped. The active HA/MAP may backup the established IKE/IPSecstatus to the standby HA/MAP by the synchronization message. The standbyMessage used may be an expanding message of the VRRP for IPv6.

The active HA/MAP may backup the established IKE/IPSec status to thestandby HA/MAP by the synchronization message. The specific process isas follows.

When the MN MN completes the first phase exchange of the IKE with theactive HA/MAP, the active HA/MAP may synchronize the status of the firstphase (including the DH exchanging public values, initiating the nonceand so on) of the IKE to the standby HA/MAP.

When the MN MN completes the second phase exchange of the IKE with theactive HA/MAP, the active HA/MAP may synchronize the status of thesecond phase or the status of the second phase and the first phase ofthe IKE to the standby HA/MAP.

In addition, the standby HA/MAP also needs to synchronize the sendingserial number and the receiving slip window of the key message of thesecurity association of the active HA/MAP. The standby HA/MAP keepssynchronization by obtaining and analyzing the mobile signaling messagebetween the active HA/MAP and the MN. The standby HA/MAP may perform asecurity filtering to the received signaling message, i.e. the standbyHA/MAP only receives the signaling message between the active HA/MAP andthe MN so as to keep synchronization with the sending serial number andthe receiving slip window of the key message of the security associationof the active HA/MAP.

When the active HA/MAP performs the binding update with the MN, eachHA/MAP in the backup status may also obtain the message sent by the MNto the active HA/MAP and the message sent by the active HA/MAP to theMN, calculate the binding update message, process the binding updatemessage and stores the result. The specific process includes followingsteps.

When the active HA/MAP has received a binding update request (Step S25),the active HA/MAP sends different binding update acknowledge messagesconditionally (Step S27). If the home address created by the MN itselfis not included, the active HA/MAP directly sends the binding updateacknowledge message to the MN. If the home address created by the MNitself is included, the active HA/MAP needs to examine the home addressrepeatedly. The examination method includes: inquiring a local home linkneighbor database, sending a repeat address examination message orinquiring a neighbor agent. If the repeat address examination is passed,the active HA/MAP directly sends the binding update acknowledge messageto the MN. If the repeat address examination is not passed, thesuggested home address needs to be included in the binding updateacknowledge.

After obtaining the binding update request (Step S26), the standbyHA/MAP establishes a new record in the backup database and marks therecord as temporarily unusable; and then marks the record as usable orupdating the record according to the obtained binding update acknowledgemessage sent by the active HA/MAP (Step S28). When the home addressfield is not included in the binding update acknowledge message sent bythe active HA/MAP, the standby HA/MAP marks the new record in thedatabase as usable. When the allocated home address is included in thebinding update acknowledge message sent by the active HA/MAP, thestandby HA/MAP adds the allocated home address into the new record inthe database. When the suggested home address is included in the bindingupdate acknowledge message sent by the active HA/MAP, the standby HA/MAPupdates the new record in the database to the suggested home address.

In addition, the active HA/MAP may also directly send the binding cacheinformation to the standby HA/MAP.

The standby HA/MAP may obtain the signaling message between the activeHA/MAP and the MN by establishing a backup information channel. Oneembodiment of the backup information channel is shown in FIG. 3. Thebackup information channel is established between each outer linkinterface 130 using the VRRP protocol. The signaling message sent by MN110 to active HA/MAP 121 and the binding update message are copied bythe switch 140 of the outer link to the standby HA/MAP 122, 123.Meanwhile, the signaling message sent by the active HA/MAP 121 to the MN110 and the binding update message are also copied by the switch 140 ofthe outer link to the standby HA/MAP 122, 123. When the active HA/MAP isinvalid (Step S29), by the VRRP protocol, the standby HA/MAP elects anew active HA/MAP to take over the work of the active HA/MAP and act asthe new active HA/MAP (Step S30). The active HA/MAP may be invalidbecause of exception errors or maintaining requirement.

If a previous active HA/MAP resumes, it may be elected as a new standbyHA/MAP by the VRRP protocol. The HA/MAP has no information recorded inthe security policy database, in the security association database andin the binding update database. The information needs to be obtainedfrom the current active HA/MAP for completing the backup work. Althoughthe previous active HA/MAP is the owner of the virtual IPv6 address, theprevious active HA/MAP may be elected as a new active HA/MAP only afterdownloading the backup information in batch-bulk from the current activeHA/MAP.

FIG. 4 is a schematic diagram illustrating that the standby HA/MAPbackups the message information of the current active HA/MAP inbatch-bulk. The process of batch backup includes following steps.

Step S41: When the previous active HA/MAP resumes, the previous activeHA/MAP is elected as the new standby HA/MAP by the VRRP protocol. Thestandby HA/MAP initiates a batch backup request to the active HA/MAP;

Step S42: When the active HA/MAP receives the batch backup request sentby the standby HA/MAP, the active HA/MAP sends a backup response. Thespecific process includes as follows.

Firstly, the active HA/MAP determines whether the standby HA/MAP carriesthe index of the backup information needed. If the standby HA/MAPcarries the index of the backup information needed, the current activeHA/MAP sends the backup response carrying the security policy database,the security association database, the status information of theInternet key exchange and the index information of the binding updateneeded by the standby HA/MAP. When the batch backup request sent by theHA/MAP does not include the backup information needed, the currentactive HA/MAP sends the backup response carrying the current securitypolicy database, the security association database, the statusinformation of the Internet key exchange and the index information ofthe binding update to the HA/MAP.

Step S43: When the HA/MAP receives the response of the current activeHA/MAP, the HA/MAP determines to download security policy database, thesecurity association database, the status information of the Internetkey exchange and the index information of the binding update accordingto its own need and re-sends a batch backup request to the currentactive HA/MAP.

Step S44: According to the re-received download request, the currentactive HA/MAP sends the backup information to the standby HA/MAP.

After completing the batch backup, the standby HA/MAP enters thereal-time backup status.

Referring to FIG. 5, it is a block diagram illustrating the backupapparatus of the HA/MAP in accordance with an embodiment of thedisclosure.

The backup apparatus includes: an interaction message obtaining unit 510adapted to obtain the signaling message sent by the MN to the activeHA/MAP and the signaling message sent by the active HA/MAP to the MN;and an interaction message sending unit 520 adapted to send in real timethe obtained signaling message to the standby HA/MAP.

In one embodiment of the disclosure, the interaction message obtainingunit 510 and the interaction message sending unit 520 are set in theouter switch 600 located outside each outer link interface.

The backup apparatus further includes an interaction message processingunit 530 set in the HA/MAP adapted to process the signaling message fromthe interaction message sending unit 520 when the HA/MAP is in thebackup status.

The interaction message processing unit 530 includes a binding updatemessage processing unit 531 and an IP security message processing unit532.

The binding update message processing unit 531 is adapted to establish anew record in the backup database according to the obtained bindingupdate request sent by the MN and to mark the record as temporarilyunusable; and mark the record as usable or update the record accordingto the obtained binding update acknowledgement message sent by theactive HA/MAP.

The IP security message processing unit 532 is adapted to analyze theobtained IP security message between the active HA/MAP and the MN tokeep real-time synchronization with the sending serial number and thereceiving slip window of the active HA/MAP.

In addition, after resuming, an invalid previous active HA/MAP may beelected as a new standby HA/MAP by the VRRP protocol. The HA/MAP has noinformation recorded in the security policy database, in the securityassociation database and in the binding update database. The previousactive HA/MAP may be elected as a new active HA/MAP only afterdownloading the backup information from the current active HA/MAP inbatch-bulk. In order to realize the batch backup, the backup apparatusfurther includes:

a batch backup request unit 540 set in the HA/MAP and adapted to send abatch backup request for the HA/MAP when the invalid active HA/MAPresumes and is elected as the standby HA/MAP;

a backup response unit 550 set in the HA/MAP and adapted to send abackup response to respond the batch backup request for the currentactive HA/MAP;

a backup response processing unit 560 set in the HA/MAP and adapted toobtain the index information after receiving the backup response andinform the batch backup request unit 540 to send a re-batch backuprequest carrying the index information of backup information needing tobe downloaded; and

a backup information sending unit 570 set in the HA/MAP and adapted tosend the backup information when the current active HA/MAP received there-batch backup request.

Though illustration and description of the present disclosure have beengiven with reference to embodiments thereof, it should be appreciated bypersons of ordinary skill in the art that various changes in forms anddetails can be made without deviation from the scope of this disclosure,which are defined by the appended claims.

1. A method for backing up a home agent or mobile anchor point (HA/MAP)in a mobile Ipv6 network, at least two HAs/MAPs forming a redundantbackup group, comprising: electing, from at least two HAs/MAPs, anactive HA/MAP and a standby HA/MAP; obtaining in real time, by thestandby HA/MAP, a signaling message sent by a mobile node (MN) to theactive HA/MAP and a signaling message sent by the active HA/MAP to theMN when the active HA/MAP performs a signaling message interaction withthe MN; or sending status information in real time to the standbyHA/MAP, by the active HA/MAP, via a synchronization message after theactive HA/MAP performs the signaling message interaction with the MN;and electing, from the standby HA/MAP, a new active HA/MAP when theactive HA/MAP is invalid; wherein after the standby HA/MAP obtains inreal time the signaling message sent by the MN to the active HA/MAP andthe signaling message sent by the active HA/MAP to the MN, the methodfurther comprises: processing the signaling message sent by the MN tothe active HA/MAP and the signaling message sent by the active HA/MAP tothe MN obtained in real time, wherein the processing further comprises:establishing a new record in a backup database and marking the record astemporarily unusable after the standby HA/MAP has obtained a bindingupdate request sent by the MN; and marking the record as usable orupdating the record according to an obtained binding updateacknowledgement message sent by the active HA/MAP; wherein if thebinding update request of the MN comprises a home address created by theMN, the active HA/MAP repeatedly performs an address examination for thebinding update message; if the home address of the MN is different fromthe home address of other MNs and an address of a local link node, thebinding update acknowledgement message is the binding updateacknowledgement message sent by the active HA/MAP directly to the MN; ifthe home address of the MN is the same as the home address of other MNsand the address of the local link node, the binding updateacknowledgement message is the binding update acknowledgement messagecomprising a suggested home address sent by the active HA/MAP to the MN;and if the binding update request of the MN comprises the home addresscreated by the MN, the binding update acknowledgement message is thebinding update acknowledgement message comprising the home addressinitiatively allocated for the MN and sent by the active HA/MAP to theMN.
 2. The method according to claim 1, wherein the obtaining in realtime the signaling message comprises: establishing a backup informationchannel among the standby HA/MAP, the active HA/MAP and the MN; andobtaining in real time, by the standby HA/MAP, the signaling messagebetween the active HA/MAP and the MN via the backup information channel,wherein the signaling message comprises a binding update message and akey exchange message of a security association.
 3. The method accordingto claim 2, wherein the establishing the backup information channel is:forming the backup information channel by connecting the active HA/MAP,the standby HA/MAP and the MN to an outer switch located outside eachouter link interface, wherein the obtaining in real time the signalingmessage between the active HA/MAP and the MN via the backup informationchannel specifically is: copying, by the outer switch, the message sentby the MN to the active HA/MAP and the message sent by the active HA/MAPto the MN to the standby HA/MAP.
 4. The method according to claim 1,wherein the marking the record as usable or updating the recordcomprises: marking, by the standby HA/MAP, the record as usable in thedatabase when there is no home address in the binding updateacknowledgement message sent by the active HA/MAP; adding, by thestandby HA/MAP, the allocated home address into the record in thedatabase when the binding update acknowledgement message sent by theactive HA/MAP comprises the home address initiatively allocated; andupdating, by the standby HA/MAP, the record as the suggested homeaddress in the database when the binding update acknowledgement messagesent by the active HA/MAP comprises the suggested home address.
 5. Themethod according to claim 1, further comprising: sending, by a currentHA/MAP, batch backup information to the HA/MAP when the HA/MAP resumesafter invalidation; and entering a real-time backup status after theHA/MAP completes a batch backup, wherein the sending batch backupinformation to the HA/MAP specifically comprises: sending, by a currentactive HA/MAP, a backup response carrying a security policy database, asecurity association database, Internet key exchange status informationand binding updated index information which are needed by the HA/MAPwhen the batch backup request sent by the HA/MAP comprises the securitypolicy database, the security association database, the Internet keyexchange status information and the binding updated index information;sending, by the current active HA/MAP, a backup response carrying thecurrent security policy database, the security association database, theInternet key exchange status information and the binding updated indexinformation to the HA/MAP when the batch backup request sent by thecurrent HA/MAP does not comprise backup information, needed by thecurrent HA/MAP; and determining to download security policy database,the security association database, the Internet key exchange statusinformation and the binding updated index information after receivingthe backup response of the current active HA/MAP by the HA/MAP;resending the batch backup request to the current HA/MAP; downloadingand sending backup Information to the standby HA/MAP according to are-received request by the current HA/MAP.
 6. The method according toclaim 1, wherein the sending status information in real time to thestandby HA/MAP via a synchronization message comprises: synchronizing,by the active HA/MAP, a key exchange status to the standby HA/MAP viathe synchronization message when the active HA/MAP dynamically createsthe security association with the MN, wherein the synchronizing a keyexchange status to the standby HA/MAP further comprises: synchronizing,by the active HA/MAP, a first phase status of the Internet key exchangeto the standby HA/MAP when the MN and the active HA/MAP complete a firstphase of the Internet key exchange; and synchronizing, by the activeHA/MAP, a second phase status or a second phase and the first phasestatus of the Internet key exchange to the standby HA/MAP when the MNand the active HA/MAP complete the second phase of the Internet keyexchange.
 7. The method according to claim 1, wherein the sending statusinformation in real time to the standby HA/MAP via a synchronizationmessage comprises: backing up, by the active HA/MAP, binding cacheinformation to the standby HA/MAP via the synchronization message.
 8. Anapparatus for backing up a home agent or mobile anchor point (HA/MAP) inan Ipv6 network, comprising: an interaction message obtaining unitadapted to obtain a signaling message sent by a mobile node (MN) to anactive HA/MAP and a signaling message sent by the active HA/MAP to theMN; and an interaction message sending unit adapted to send in real timethe obtained signaling message to a standby HA/MAP; a batch backuprequest unit set in the HA/MAP and adapted to send a batch backuprequest for the HA/MAP when an invalid active HA/MAP resumes and iselected as the standby HA/MAP; a backup response unit set in the HA/MAPand adapted to send a backup response to respond the batch backuprequest for a current active HA/MAP; a backup response processing unitset in the HA/MAP and adapted to obtain index information afterreceiving the backup response and inform the batch backup request unitto send a re-batch backup request carrying the index information of thebackup information needing to be downloaded; and a backup informationsending unit set in the HA/MAP and adapted to send the backupinformation when the current active HA/MAP has received the re-batchbackup request.
 9. The apparatus according to claim 8, wherein theinteraction message obtaining unit and the interaction message sendingunit are set in an outer switch located outside each outer linkinterface.